The bill seeks to strengthen cybersecurity measures within the Kansas government by establishing chief information security officers (CISOs) for each branch and mandating the development of cybersecurity programs that comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0. It removes expiration provisions from existing legislation, ensuring that cybersecurity responsibilities and standards remain in effect indefinitely. The bill also requires annual cybersecurity awareness training for all employees, with consequences for non-compliance, including the revocation of access to state-issued hardware or networks.

In addition to establishing CISOs for the judicial and legislative branches, the bill outlines their responsibilities, including the development of security standards and coordination on cybersecurity incidents. It mandates that all cybersecurity services be administered by the respective chief information technology and security officers by July 1, 2027, and requires the transition of government websites to ".gov" domains by February 1, 2025. The legislation aims to create a cohesive and robust cybersecurity framework across state government, ensuring ongoing compliance and the protection of sensitive information.

Statutes affected:
As introduced: 40-110, 45-215, 75-413, 75-623, 75-710, 75-711, 75-7203, 75-7245, 75-7206a, 75-7208a, 76-711, 75-7246